neutron

Loopback addresses should not be routable

Bug #1834012 reported by Kobi Samoray on 2019-06-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Low	Kobi Samoray

Bug Description

Neutron route validations should fail creation of routes for loopback CIDR 127.x

Kobi Samoray (ksamoray) on 2019-06-24

Changed in neutron:
assignee:	nobody → Kobi Samoray (ksamoray)

Revision history for this message

Kobi Samoray (ksamoray) wrote on 2019-06-24:

e.g the following should fail:
openstack router set --route destination=127.0.0.0/8,gateway=192.168.100.1 x

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-06-24: Fix proposed to neutron-lib (master)

Fix proposed to branch: master
Review: https://review.opendev.org/667070

Changed in neutron:
status:	New → In Progress

Bence Romsics (bence-romsics) on 2019-06-24

Changed in neutron:
status:	In Progress → Triaged
importance:	Undecided → Low

Revision history for this message

Bence Romsics (bence-romsics) wrote on 2019-06-24:

Thank you for your bug report!

This is clearly noise in the API we should not allow. On the other hand did you observe any unexpected behavior in the actual routing? In case you did, what is your backend?

Revision history for this message

Kobi Samoray (ksamoray) wrote on 2019-06-25:

@Bence this has been raised by a customer who uses NSX backend.
NSX transaction fails obviously but Neutron should block it before it reaches NSX.

OpenStack Infra (hudson-openstack) on 2019-06-25

Changed in neutron:
status:	Triaged → In Progress

Revision history for this message

Bence Romsics (bence-romsics) wrote on 2019-06-25:

@Kobi: Thanks! In this case the patch you already uploaded is the only one needed here I think.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-06-26: Fix merged to neutron-lib (master)

Reviewed: https://review.opendev.org/667070
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=8417717411894c2a2b315e21495245a83c23dc87
Submitter: Zuul
Branch: master

commit 8417717411894c2a2b315e21495245a83c23dc87
Author: Kobi Samoray <email address hidden>
Date: Mon Jun 24 14:52:29 2019 +0300

Loopback address routing should be invalid

Host route validators should reject loopback CIDRs.

Change-Id: Ifa545242224bdc80a934b529e44b25b4492d4e0b
CLoses-bug: 1834012

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-07-01: Fix proposed to neutron-lib (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/668390

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-07-03: Fix included in openstack/neutron-lib 1.28.0

This issue was fixed in the openstack/neutron-lib 1.28.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-07-15: Change abandoned on neutron-lib (stable/stein)

Change abandoned by Kobi Samoray (<email address hidden>) on branch: stable/stein
Review: https://review.opendev.org/668390

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.